Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2024/08/07 11:10 a.m.7 views

Problems with Georgia’s Voter Registration Portal

Its possible to cancel other peoples voter registrations: On Friday, four days after Georgia Democrats began warning that bad actors could abuse the states new online portal for canceling voter registrations, the Secretary of States Office acknowledged to ProPublica that it had identified multipl...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/06 11:1 a.m.11 views

On the Cyber Safety Review Board

When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrikes faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to t...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/05 11:7 a.m.7 views

New Patent Application for Car-to-Car Surveillance

Ford has a new patent application for a system where cars monitor each others speeds, and then report then to some central authority. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/02 9:4 p.m.8 views

Friday Squid Blogging: Treating Squid Parasites

A newly discovered parasite that attacks squid eggs has been treated. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/02 11:1 a.m.9 views

Leaked GitHub Python Token

Heres a disaster that didnt happen: Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/01 11:3 a.m.9 views

Education in Secure Software Development

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/31 3:55 p.m.11 views

Nearly 7% of Internet Traffic Is Malicious

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/30 11:7 a.m.7 views

Providing Security Updates to Automobile Software

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servici...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/29 11:2 a.m.10 views

New Research in Detecting AI-Generated Videos

The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called "MISLnet", evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/26 9:2 p.m.8 views

Friday Squid Blogging: Sunscreen from Squid Pigments

Theyre better for the environment. Blog moderation policy...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/26 4:21 p.m.14 views

Compromising the Secure Boot Process

This isnt good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised ...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/25 6:37 p.m.12 views

The CrowdStrike Outage and Market-Driven Brittleness

Fridays massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/25 11:5 a.m.10 views

Data Wallets Using the Solid Protocol

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lees Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/24 3:25 p.m.10 views

Robot Dog Internet Jammer

Supposedly the DHS has these: The robot, called "NEO," is a modified version of the "Quadruped Unmanned Ground Vehicle" Q-UGV sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHSs Federal Law Enforcement Training Centers FLETC, told police at the 2024...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/23 11:8 a.m.8 views

2017 ODNI Memo on Kaspersky Labs

Its heavily redacted, but still interesting. Many more ODNI documents here...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/22 11:6 a.m.10 views

Snake Mimics a Spider

This is a fantastic video. Its an Iranian spider-tailed horned viper Pseudocerastes urarachnoides. Its tail looks like a spider, which the snake uses to fool passing birds looking for a meal...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/19 9:3 p.m.10 views

Friday Squid Blogging: Peru Trying to Protect its Squid Fisheries

Peru is trying to protect its territorial waters from Chinese squid-fishing boats. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/19 4:2 p.m.11 views

Brett Solomon on Digital Rights

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. Hes written a blog post about what hes learned and what comes next...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/18 3:33 p.m.6 views

Criminal Gang Physically Assaulting People for Their Cryptocurrency

This is pretty horrific: …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elder...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/17 4:3 p.m.14 views

Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious

6.8%, to be precise. From ZDNet: However, Distributed Denial of Service DDoS attacks continue to be cybercriminals weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDo...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/15 5:13 p.m.12 views

Hacking Scientific Citations

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors names, publication year, journal or conference name, and page numbers of the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/14 4:5 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking--along with John Bruce, the CEO and Co-founder of Inrupt--at the 18th Annual CDOIQ Symposium in Cambridge, Massachusetts, USA. The symposium runs from July 16 through 18, 2024, and my session is on Tuesday, July 16 at...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/12 9:1 p.m.13 views

Friday Squid Blogging: 1994 Lair of Squid Game

I didnt know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC. In the depths of the device, among the MS-DOS productivity apps built into its fixed memory, there lurked a first-person maze game called Lair of Squid. … In Lair of Squid, youre trapped in an underwat...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/12 11:4 a.m.21 views

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled "Future Possibilities: Data, Hardware, Software, and People." The agency is so far refusing to release it. Basically, the recording is in an obscure video format. People at the NSA cant easily watch it, so they cant redac...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/11 3:9 p.m.6 views

Apple Is Alerting iPhone Users of Spyware Attacks

Not a lot of details: Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. Its the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/10 2:42 p.m.8 views

RADIUS Vulnerability

New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/09 4:27 p.m.9 views

Reverse-Engineering Ticketmaster’s Barcode System

Interesting: By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removin...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/08 5:59 p.m.13 views

On the CSRB’s Non-Investigation of the SolarWinds Attack

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsofts culpability, even though they were directed by President Biden to do so...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/05 9:39 p.m.8 views

Friday Squid Blogging: Newly Discovered Vampire Squid

A new vampire squid species was discovered in the South China Sea. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/03 3:27 p.m.51 views

New Open SSH Vulnerability

Its a serious one: The vulnerability, which is a signal handler race condition in OpenSSHs server sshd, allows unauthenticated remote code execution RCE as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. ...

8.1CVSS8.7AI score0.99506EPSS
Exploits68
Schneier on Security
Schneier on Security
added 2024/07/02 6:11 p.m.14 views

Upcoming Book on AI and Democracy

If youve been reading my blog, youve noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that were writing a book on the topic. This isnt a book about deep fakes, or misinformation. This is a book about what happens when AI...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/02 11:6 a.m.10 views

Public Surveillance of Bars

This article about an app that lets people remotely view bars to see if theyre crowded or not is filled with commentary--on both sides--about privacy and openness...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/01 11:5 a.m.11 views

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but its a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/28 9:1 p.m.7 views

Friday Squid Blogging: New Squid Species

A new squid species--of the Gonatidae family--was discovered. The video shows her holding a brood of very large eggs. Research paper...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/28 11:4 a.m.11 views

James Bamford on Section 702 Extension

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act FISA...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/27 11:6 a.m.15 views

Security Analysis of the EU’s Digital Wallet

A group of cryptographers have analyzed the eiDAS 2.0 regulation electronic identification and trust services that defines the new EU Digital Identity Wallet...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/26 11:6 a.m.11 views

The US Is Banning Kaspersky

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban--­th...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/25 11:2 a.m.12 views

Breaking the M-209

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/24 11:4 a.m.10 views

Paul Nakasone Joins OpenAI’s Board of Directors

Former NSA Director Paul Nakasone has joined the board of OpenAI...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/21 9:6 p.m.9 views

Friday Squid Blogging: Squid Nebula

Beautiful astronomical photo...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/21 11:4 a.m.11 views

Ross Anderson’s Memorial Service

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. The passcode is "L3954FrrEF"...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/20 11:10 a.m.15 views

Recovering Public Keys from Signatures

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/19 8:26 p.m.10 views

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, were having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. Its gotten so bad that I need to do something. My options are limited because Im just one...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/19 11:9 a.m.25 views

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/18 11:4 a.m.18 views

Rethinking Democracy for the Age of AI

There is a lot written about technologys threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/17 11:8 a.m.22 views

Using LLMs to Exploit Vulnerabilities

Interesting research: "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities." Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/14 9:6 p.m.8 views

Friday Squid Blogging: Squid Cartoon

Squid humor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/14 3:59 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. Im speaking on "Reimagining...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/14 11:5 a.m.15 views

Demo of AES GCM Misuse Problems

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/13 11:2 a.m.19 views

AI and the Indian Election

As India concluded the worlds largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of AI...

7.2AI score
Exploits0
Total number of security vulnerabilities2979