Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2024/06/12 11:2 a.m.13 views

Using AI for Political Polling

Public polling is a critical function of modern political campaigns and movements, but it isnt what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails. First, nonresponse...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/11 11:2 a.m.24 views

LLMs Acting Deceptively

New research: "Deception abilities emerged in large language models": Abstract: Large language models LLMs are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/10 11:8 a.m.12 views

Exploiting Mistyped URLs

Interesting research: "Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains": Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 9:5 p.m.11 views

Friday Squid Blogging: Squid Catch Quotas in Peru

Peru has set a lower squid quota for 2024. The article says "giant squid," but that seems wrong. We dont eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 8:55 p.m.16 views

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 11:4 a.m.14 views

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/06 3:51 p.m.12 views

Espionage with a Drone

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/05 11:0 a.m.24 views

Online Privacy and Overfishing

Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions werent about how hackers were using the tools that was utterly predictable, but about how Microsoft figured it out. The natural conclusion wa...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/04 11:8 a.m.14 views

Breaking a Password Manager

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/03 11:6 a.m.14 views

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/03 11:4 a.m.13 views

AI Will Increase the Quantity—and Quality—of Phishing Scams

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review: Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligen...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/31 9:2 p.m.10 views

Friday Squid Blogging: Baby Colossal Squid

This video might be a juvenile colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/31 11:4 a.m.25 views

How AI Will Change Democracy

I dont think its an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isnt necessarily interesting. But when an A...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/30 11:4 a.m.13 views

Supply Chain Attack against Courtroom Software

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode o...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/29 11:1 a.m.19 views

Privacy Implications of Tracking Wireless Access Points

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/28 11:9 a.m.34 views

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we dont know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/24 9:3 p.m.12 views

Friday Squid Blogging: Dana Squid Attacking Camera

Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/24 11:7 a.m.14 views

On the Zero-Day Market

New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike an...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/23 11:0 a.m.18 views

Personal AI Assistants and Privacy

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall record...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/22 11:3 a.m.11 views

Unredacting Pixelated Text

Experiments in unredacting text that has been pixelated...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/21 11:9 a.m.21 views

Detecting Malicious Trackers

From Slashdot: Apple and Google have launched a new industry standard called "Detecting Unwanted Location Trackers" to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/20 11:4 a.m.12 views

IBM Sells Cybersecurity Group

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed--but probably surprisingly small--sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part if IBMs cybersecurity offerings, mostly and weirdly...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/17 9:4 p.m.11 views

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: Theyre emotional support squid because theyre large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows and you can fidget with the arms and tentacles for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/17 11:9 a.m.21 views

FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forums backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be use...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/16 11:3 a.m.15 views

Zero-Trust DNS

Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform--the core component of the Windows Firewall--directly into client devices. Jake Williams, VP of research an...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/14 4:4 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is "Should the USG Establish a Publicly Funded AI Option?" The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/14 11:1 a.m.32 views

Another Chrome Vulnerability

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and...

6.8CVSS6.7AI score0.08348EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/13 11:4 a.m.21 views

LLMs’ Data-Control Path Insecurity

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone...

8.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/10 9:7 p.m.20 views

Friday Squid Blogging: Squid Mating Strategies

Some squids are "consorts," others are "sneakers." The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/10 4:1 p.m.17 views

New Attack Against Self-Driving Car AI

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/09 4:5 p.m.11 views

How Criminals Are Using Generative AI

Theres a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attemp...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/07 3:32 p.m.15 views

New Attack on VPNs

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/06 11:3 a.m.17 views

New Lawsuit Attempting to Make Adversarial Interoperability Legal

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision--and an even more obscure typo. Read this...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 9:5 p.m.11 views

Friday Squid Blogging: Squid Purses

Squid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 6:13 p.m.13 views

My TED Talks

I have spoken at several TED conferences over the years. TEDxPSU 2010: "Reconceptualizing Security" TEDxCambridge 2013: "The Battle for Power on the Internet" TEDMed 2016: "Who Controls Your Medical Data?" Im putting this here because I want all three links in one place...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 11:10 a.m.26 views

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/02 11:5 a.m.22 views

The UK Bans Default Passwords

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/01 11:9 a.m.14 views

AI Voice Scam

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/30 11:0 a.m.10 views

WhatsApp in India

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/29 11:7 a.m.13 views

Whale Song Code

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer--the Combo Signal Recognizer CSR--would detect the specif...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/26 9:7 p.m.12 views

Friday Squid Blogging: Searching for the Colossal Squid

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/26 11:1 a.m.17 views

Long Article on GM Spying on Its Cars’ Drivers

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them--and then sold that data to insurance companies...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/25 11:2 a.m.19 views

The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is comin...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/24 11:5 a.m.15 views

Dan Solove on Privacy Regulation

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: "I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article." His mini-abstract: In this Article I argue that most of the time, privacy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/23 11:9 a.m.10 views

Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security--in particular, Microsoft: Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/22 3:26 p.m.14 views

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/19 9:5 p.m.10 views

Friday Squid Blogging: Squid Trackers

A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/18 11:6 a.m.15 views

Other Attempts to Take Over Open Source Projects

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/17 11:8 a.m.13 views

Using AI-Generated Legislative Amendments as a Delaying Technique

Canadian legislators proposed 19,600 amendments--almost certainly AI-generated--to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hackers Mind, but this is a new one...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/16 11:0 a.m.11 views

X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X formerly known as Twitter started automatically changing twitter.com links to x.com links. The problem is: 1 it changed any domain name that ended with "twitter.com," and 2 it only changed the links appearance anchortext, not the underlying URL. So if you were a clever...

7.2AI score
Exploits0
Total number of security vulnerabilities2979