Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2023/12/29 10:8 p.m.20 views

Friday Squid Blogging: Sqids

Theyre short unique strings: Sqids pronounced "squids" is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I havent dug into the details enough to know how they can...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/29 12:3 p.m.19 views

AI Is Scarily Good at Guessing the Location of Random Photos

Wow: To test PIGEONs performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didnt seem to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/28 12:1 p.m.19 views

AI and Lossy Bottlenecks

Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that do...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/27 12:1 p.m.19 views

New iPhone Security Features to Protect Stolen Devices

Apple is rolling out a new "Stolen Device Protection" feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/26 12:3 p.m.21 views

Google Stops Collecting Location Data from Maps

Google Maps now stores location data locally on your device, meaning that Google no longer has that data to turn over to the police...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/22 10:8 p.m.8 views

Friday Squid Blogging: Squid Parts into Fertilizer

Its squid parts from college dissections, so its not a volume operation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/22 8:8 p.m.23 views

Ben Rothke’s Review of A Hacker’s Mind

Ben Rothke chose A Hackers Mind as "the best information security book of 2023."...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/22 12:5 p.m.15 views

Data Exfiltration Using Indirect Prompt Injection

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/21 12:10 p.m.18 views

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

The Solntsepek group has taken credit for the attack. Theyre linked to the Russian military, so its unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/20 12:5 p.m.9 views

GCHQ Christmas Codebreaking Challenge

Looks like fun. Details here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/19 12:9 p.m.14 views

OpenAI Is Not Training on Your Dropbox Documents—Today

Theres a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Heres CNBC. Heres Boing Boing. Some articles are more nuanced, but theres still a lot of confusion. It seems not to be true. Dropbox isnt sharing all of your documents with OpenAI. But...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/18 3:37 p.m.11 views

Police Get Medical Records without a Warrant

More unconstrained surveillance: Lawmakers noted the pharmacies policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services HHS Secretary Xavier Becerra. The letter--signed by Sen. Ron Wyden D-Ore., Rep. Pramila Jayapal D-Wash., and Rep. Sara...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/15 10:6 p.m.6 views

Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring

The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/15 12:1 p.m.12 views

A Robot the Size of the World

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/14 4:23 p.m.9 views

Surveillance Cameras Disguised as Clothes Hooks

This seems like a bad idea. And there are ongoing lawsuits against Amazon for selling them...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/13 12:4 p.m.8 views

Surveillance by the US Postal Service

This is not about mass surveillance of mail, this is about the sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/12 12:1 p.m.15 views

New Windows/Linux Firmware Attack

Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux…. The...

8.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/11 12:10 p.m.9 views

Facebook Enables Messenger End-to-End Encryption by Default

Its happened. Details here, and tech details here for messages in transit and here for messages in storage Rollout to everyone will take months, but its a good day for both privacy and security. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/08 10:3 p.m.11 views

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story: The woman--who has only been identified by her surname, Wang--was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/08 12:5 p.m.51 views

New Bluetooth Attack

New attack breaks forward secrecy in Bluetooth. Three news articles: BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions forward and future secrecy, compromising the confidentiality of past and future communications between devices. This is achieved by exploitin...

3.2CVSS7AI score0.01297EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2023/12/07 12:2 p.m.11 views

Spying through Push Notifications

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them--either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this: In a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/06 6:18 p.m.12 views

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/05 12:10 p.m.15 views

AI and Mass Spying

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/04 12:5 p.m.9 views

AI and Trust

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/01 10:5 p.m.7 views

Friday Squid Blogging: Strawberry Squid in the Galápagos

Scientists have found Strawberry Squid, "whose mismatched eyes help them simultaneously search for prey above and below them," among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/01 12:3 p.m.9 views

AI Decides to Engage in Insider Trading

A stock-trading AI a simulated experiment engaged in insider trading, even though it "knew" it was wrong. The agent is put under pressure in three ways. First, it receives a email from its "manager" that the company is not doing well and needs better performance in the next quarter. Second, the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/30 4:48 p.m.12 views

Extracting GPT’s Training Data

This is clever: The actual attack is kind of silly. We prompt the model with the command "Repeat the word poem forever" and sit back and watch as the model responds complete transcript here. In the abridged example above, the model emits a real email address and phone number of some unsuspecting...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/29 12:9 p.m.7 views

Breaking Laptop Fingerprint Sensors

Theyre not that good: Security researchers Jesse DAguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/28 8:19 p.m.12 views

Digital Car Keys Are Coming

Soon we will be able to unlock and start our cars from our phones. Lets hope people are thinking about security...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/27 11:59 a.m.15 views

Secret White House Warrantless Surveillance Program

There seems to be no end to warrantless surveillance: According to the letter, a surveillance program now known as Data Analytical Services DAS has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone record...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/24 10:4 p.m.16 views

Friday Squid Blogging: Squid Nebula

Pretty photograph. The Squid Nebula is shown in blue, indicating doubly ionized oxygen--­which is when you ionize your oxygen once and then ionize it again just to make sure. In all seriousness, it likely indicates a low-mass star nearing the end of its life. As usual, you can also use this squid...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/24 8:0 p.m.8 views

Chocolate Swiss Army Knife

Its realistic looking. If I drop it in a bin with my keys and wallet, will the TSA confiscate it?...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/24 12:4 p.m.19 views

LitterDrifter USB Worm

A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group­--known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm--has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/22 12:8 p.m.14 views

Apple to Add Manual Authentication to iMessage

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is wh...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/21 12:5 p.m.30 views

Email Security Flaw Found in the Wild

Googles Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this...

5.8CVSS7.3AI score0.59041EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/20 11:57 a.m.19 views

Using Generative AI for Surveillance

Generative AI is going to be a powerful tool for data analysis and summarization. Heres an example of it being used for sentiment analysis. My guess is that it isnt very good yet, but that it will get better...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/17 10:1 p.m.17 views

Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy

In a rare squid/security post, heres an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/17 4:31 p.m.27 views

Ransomware Gang Files SEC Complaint

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/16 6:46 p.m.12 views

FTC’s Voice Cloning Challenge

The Federal Trade Commission is running a competition "to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning."...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/16 12:10 p.m.28 views

Leaving Authentication Credentials in Public Code

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/15 5:51 p.m.20 views

New SSH Vulnerability

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/14 5:1 p.m.14 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/14 12:6 p.m.20 views

How .tk Became a TLD for Scammers

Sad story of Tokelau, and how its top-level domain "became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could be weaponized against internet users. Scammers began using .tk websites to do everything from harvesting passwords and payment...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/13 12:9 p.m.22 views

Ten Ways AI Will Change Democracy

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the "AI-generated disinformation" trope and speculate on some...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/10 10:4 p.m.20 views

Friday Squid Blogging: The History and Morality of US Squid Consumption

Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/10 12:7 p.m.23 views

The Privacy Disaster of Modern Smart Cars

Article based on a Mozilla report...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/09 12:9 p.m.22 views

Online Retail Hack

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in "This Is Spinal Tap." Many of the minuscule...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/08 12:8 p.m.21 views

Decoupling for Security

This is an excerpt from a longer paper. You can read the whole thing complete with sidebars and illustrations here. Our message is simple: it is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/07 12:8 p.m.18 views

Spaf on the Morris Worm

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988--thirty-five years ago. His lessons from then are still applicable today...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/06 2:45 p.m.31 views

Crashing iPhones with a Flipper Zero

The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilitie...

7.4AI score
Exploits0
Total number of security vulnerabilities2979