Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2024/02/22 5:8 p.m.13 views

New Image/Video Prompt Injection Attacks

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and its really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossibl...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/21 12:8 p.m.8 views

Details of a Phone Scam

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this is not a naive or stupid person. The details are fascinating. And if you think it couldnt happen to you, think again. Given the right set...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/20 12:2 p.m.18 views

Microsoft Is Spying on Users of Its AI Tools

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools--presumably coding tools--to improve their hacking abilities. From their report: In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries--tracked as...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/19 4:15 p.m.16 views

EU Court of Human Rights Rejects Encryption Backdoors

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights: Seemingly most critically, the Russian government told the ECHR that any intrusion on private lives resulting from decrypting messages was "necessary" to combat terrorism in...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/16 10:4 p.m.9 views

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/15 12:4 p.m.13 views

On the Insecurity of Software Bloat

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/14 5:1 p.m.11 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference MSC 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/14 12:8 p.m.18 views

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NISTs post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/13 8:13 p.m.10 views

A Hacker’s Mind is Out in Paperback

The paperback version of A Hackers Mind has just been published. Its the same book, only a cheaper format. But--and this is the real reason I am posting this--Amazon has significantly discounted the hardcover to $15 to get rid of its stock. This is much cheaper than I am selling it for, and cheap...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/13 12:7 p.m.9 views

Molly White Reviews Blockchain Book

Molly White--of "Web3 is Going Just Great" fame--reviews Chris Dixons blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/12 4:49 p.m.14 views

On Passkey Usability

Matt Burgess tries to only use passkeys. The results are mixed...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/09 10:9 p.m.16 views

Friday Squid Blogging: A Penguin Named “Squid”

Amusing story about a penguin named "Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/09 6:10 p.m.14 views

No, Toothbrushes Were Not Used in a Massive DDoS Attack

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, whi...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/08 12:0 p.m.13 views

On Software Liabilities

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: "Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor." Section 1 of this paper sets the stage by briefly describing the problem to be solved. Section ...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/07 12:4 p.m.12 views

Teaching LLMs to Be Deceptive

Interesting research: "Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training": Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given th...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/06 5:3 p.m.17 views

Documents about the NSA’s Banning of Furby Toys in the 1990s

Via a FOIA request, we have documents from the NSA about their banning of Furby toys. 404 Media has the story. EDITED TO ADD: The documents are now on Archive.org...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/05 4:10 p.m.23 views

Deepfake Fraud

A deepfake video conference call--with everyone else on the call a fake--fooled a finance worker into sending $25M to the criminals account...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/02 10:3 p.m.13 views

Friday Squid Blogging: Illex Squid in Argentina Waters

Argentina is reporting that there is a good population of illex squid in its waters ready for fishing, and is working to ensure that Chinese fishing boats dont take it all. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my bl...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/02 8:6 p.m.10 views

David Kahn

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed. EDITED TO ADD 2/4: Funeral website. EDITED TO ADD 2/10: New York Times obituary...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/02 12:1 p.m.14 views

A Self-Enforcing Protocol to Solve Gerrymandering

In 2009, I wrote: There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain to the police, a judge, o...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/01 12:6 p.m.15 views

Facebook’s Extensive Surveillance Network

Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in th...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/31 12:4 p.m.16 views

CFPB’s Proposed Data Rules

In October, the Consumer Financial Protection Bureau CFPB proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermini...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/30 8:8 p.m.9 views

New Images of Colossus Released

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machines eightieth anniversary birthday?. News article...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/30 12:12 p.m.14 views

NSA Buying Bulk Surveillance Data on Americans without a Warrant

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until its told otherwise. Some news articles...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/29 12:3 p.m.14 views

Microsoft Executives Hacked

Microsoft is reporting that a Russian intelligence agency--the same one responsible for SolarWinds--accessed the email system of the companys executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and ga...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/26 10:10 p.m.13 views

Friday Squid Blogging: Footage of Black-Eyed Squid Brooding Her Eggs

Amazing footage of a black-eyed squid Gonatus onyx carrying thousands of eggs. They tend to hang out about 6,200 feet below sea level. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/26 12:9 p.m.17 views

Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/25 12:4 p.m.16 views

Quantum Computing Skeptics

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we dont know if its "land a person on the surface of the moon" hard, or "land a person on the surface of the sun" hard. They...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/24 12:6 p.m.9 views

Poisoning AI Models

New research into poisoning AI models: The researchers first trained the AI models using supervised learning and then used additional "safety training" methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidde...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/23 12:9 p.m.16 views

Side Channels Are Common

Really interesting research: "Lend Me Your Ear: Passive Remote Physical Side Channels on PCs." Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/22 12:9 p.m.19 views

AI Bots on X (Twitter)

You can find them by searching for OpenAI chatbot warning messages, like: "Im sorry, I cannot provide a response as it goes against OpenAIs use case policy." I hadnt thought about this before: identifying bots by searching for distinctive bot phrases...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/19 10:7 p.m.23 views

Friday Squid Blogging: New Foods from Squid Fins

We only eat about half of a squid, ignoring the fins. A group of researchers is working to change that. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/19 8:5 p.m.22 views

Zelle Is Using My Name and Voice without My Consent

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads--without my permission. At least, I think it is without my permission. Its possible that I gave some sort of blanket permission when speaking at an event. Its not likely, but it is possible. I wrote to Zelle...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/19 12:21 p.m.16 views

Speaking to the CIA’s Creative Writing Group

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIAs creative writing group. I asked Vivian not her real name what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/18 12:2 p.m.11 views

Canadian Citizen Gets Phone Back from Police

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspects phone. Judge Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. "This strikes me as a...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/17 12:14 p.m.13 views

Code Written with AI Assistants Is Less Secure

Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/16 12:21 p.m.19 views

The Story of the Mirai Botnet

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/15 12:9 p.m.13 views

Voice Cloning with Very Short Samples

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/14 5:1 p.m.12 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo IPE24 in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/12 10:6 p.m.17 views

Friday Squid Blogging: Giant Squid from Newfoundland in the 1800s

Interesting article, with photographs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/12 12:3 p.m.14 views

On IoT Devices and Software Liability

New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/11 12:9 p.m.14 views

Pharmacies Giving Patient Records to Police without Warrants

Add pharmacies to the list of industries that are giving private data to the police without a warrant...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/10 12:5 p.m.16 views

Facial Scanning by Burger King in Brazil

In 2000, I wrote: "If McDonalds offered three free Big Macs for a DNA sample, there would be lines around the block." Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: "At the end of the year, its Friday every day, and the hangover...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/09 12:3 p.m.21 views

PIN-Stealing Android Malware

This is an old piece of malware--the Chameleon Android banking Trojan--that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/08 12:3 p.m.18 views

Second Interdisciplinary Workshop on Reimagining Democracy

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy IWORD 2023 at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/05 10:5 p.m.13 views

Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered

Theyre Ryukyuan pygmy squid Idiosepius kijimuna and Hannans pygmy squid Kodama jujutsu. The second one represents an entire new genus. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. And, yes, this is the eighteenth anniversary of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/05 12:7 p.m.17 views

Improving Shor’s Algorithm

We dont have a useful quantum computer yet, but we do have quantum algorithms. Shors algorithm has the potential to factor large numbers faster than otherwise possible, which--if the run times are actually feasible--could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/04 12:11 p.m.61 views

New iPhone Exploit Uses Four Zero-Days

Kaspersky researchers are detailing "an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky." Its a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the...

6.8CVSS8.2AI score0.51517EPSS
Exploits3
Schneier on Security
Schneier on Security
added 2024/01/03 12:7 p.m.13 views

Facial Recognition Systems in the US

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. This, of course, can all change without notice. Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/02 12:4 p.m.18 views

TikTok Editorial Analysis

TikTok seems to be skewing things in the interests of the Chinese Communist Party. This is a serious analysis, and the methodology looks sound. Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikToks Impartiality Given the research above, we assess a strong possibility...

7.2AI score
Exploits0
Total number of security vulnerabilities2979