Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2023/11/03 9:5 p.m.14 views

Friday Squid Blogging: Eating Dancing Squid

Its not actually alive, but it twitches in response to soy sauce. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/03 11:1 a.m.14 views

New York Increases Cybersecurity Rules for Financial Companies

Another example of a large and influential state doing things the federal government wont: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/02 11:7 a.m.17 views

Spyware in India

Apple has warned leaders of the opposition government in India that their phones are being spied on: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that "Apple believes you are being targeted by state-sponsored attackers...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/31 11:3 a.m.17 views

The Future of Drone Warfare

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/30 11:10 a.m.18 views

Hacking Scandinavian Alcohol Tax

The islands of Åland are an important tax hack: Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/27 9:13 p.m.28 views

Friday Squid Blogging: On the Ugliness of Squid Fishing

And seafood in general: A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanics garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels. When they pull a squid o...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/27 11:1 a.m.19 views

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/26 11:0 a.m.26 views

New NSA Information from (and About) Snowden

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/25 11:7 a.m.16 views

Microsoft is Soft-Launching Security Copilot

Microsoft has announced an early access program for its LLM-based security chatbot assistant: Security Copilot. I am curious whether this thing is actually useful...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/24 11:2 a.m.24 views

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

The industry pushed back: Despite the EPAs willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/23 11:8 a.m.23 views

Child Exploitation and the Crypto Wars

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation CSAE. She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isnt the solution...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/20 9:3 p.m.13 views

Friday Squid Blogging: Why There Are No Giant Squid in Aquariums

Theyre too big and we cant recreate their habitat. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/20 11:10 a.m.27 views

AI and US Election Rules

If an AI breaks the rules for you, does that count as breaking the rules? This is the essential question being taken up by the Federal Election Commission this month, and public input is needed to curtail the potential for AI to take US campaigns even more off the rails. At issue is whether...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/19 11:8 a.m.21 views

Former Uber CISO Appealing His Conviction

Joe Sullivan, Ubers CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the companys data security a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/18 11:6 a.m.15 views

Analysis of Intellexa’s Predator Spyware

Amnesty International has published a comprehensive analysis of the Predator government spyware products. These technologies used to be the exclusive purview of organizations like the NSA. Now theyre available to every country on the planet--democratic, nondemocratic, authoritarian, whatever--for...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/17 11:11 a.m.15 views

Security Vulnerability of Switzerland’s E-Voting System

Online voting is insecure, period. This doesnt stop organizations and governments from using it. And for low-stakes elections, its probably fine. Switzerland--not low stakes--uses online voting for national elections. Andrew Appel explains why its a bad idea: Last year, I published a 5-part serie...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/16 11:6 a.m.13 views

Coin Flips Are Biased

Experimental result: Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Pers...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/13 9:9 p.m.21 views

Friday Squid Blogging: On Squid Intelligence

Article about squid intelligence. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/13 11:12 a.m.22 views

Hacking the High School Grading System

Interesting New York Times article about high-school students hacking the grading system. Whats not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail--they have a grading floor under them, they know it, and that allows them...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/12 11:9 a.m.26 views

Bounty to Recover NIST’s Elliptic Curve Seeds

This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late 90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/11 11:4 a.m.20 views

Cisco Can’t Stop Using Hard-Coded Passwords

Theres a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/10 11:9 a.m.10 views

Model Extraction Attack on Neural Networks

Adi Shamir et al. have a new model extraction attack on neural networks: Polynomial Time Cryptanalytic Extraction of Neural Network Models Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks DNNs for a variety of tasks. Thus, it is essential ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/09 11:3 a.m.46 views

AI Risks

There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks--and the steps we ne...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/06 7:4 a.m.21 views

Deepfake Election Interference in Slovakia

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/05 11:12 a.m.17 views

Political Disinformation and AI

Elections around the world are facing an evolving threat from foreign actors, one that involves artificial intelligence. Countries trying to influence each others elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/04 11:8 a.m.22 views

Malicious Ads in Bing Chat

Malicious ads are creeping into chatbots...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/03 11:1 a.m.83 views

Hacking Gas Pumps via Bluetooth

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that its easy to take control of the pump and have it dispense gas without requiring payment. Its a complicated crime to monetize, though. You need to sell...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/02 4:40 p.m.43 views

NSA AI Security Center

The NSA is starting a new artificial intelligence security center: The AI security centers establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/29 9:7 p.m.26 views

Friday Squid Blogging: Protecting Cephalopods in Medical Research

From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health NIH asked for feedback on proposed guidelines that, for the first time in the United States...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/27 11:8 a.m.22 views

Critical Vulnerability in libwebp Library

Both Apple and Google have recently reported critical vulnerabilities in their systems--iOS and Chrome, respectively--that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/26 11:15 a.m.13 views

Signal Will Leave the UK Rather Than Add a Backdoor

Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the countrys recently passed Online Safety Bill forced Signa...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/22 9:9 p.m.15 views

Friday Squid Blogging: New Squid Species

An ancient squid: New research on fossils has revealed that a vampire-like ancient squid haunted Earths oceans 165 million years ago. The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/21 11:3 a.m.23 views

New Revelations from the Snowden Documents

Jake Appelbaums PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/20 11:6 a.m.14 views

On the Cybersecurity Jobs Shortage

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/19 11:8 a.m.15 views

Detecting AI-Generated Text

There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes: Do AI detectors work? In short, no. While some including OpenAI have released tools that purport to detect AI-generated content, none of these have proven to reliably...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/18 11:2 a.m.14 views

Using Hacked LastPass Keys to Steal Cryptocurrency

Remember last November, when hackers broke into the network for LastPass--a password database--and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, theyre now using that data break into crypto wallets and drain them: $35 million and counting, all going...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/15 9:8 p.m.15 views

Friday Squid Blogging: Cleaning Squid

Two links on how to properly clean squid. I learned a few years ago, in Spain, and got pretty good at it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/15 7:12 p.m.16 views

LLM Summary of My Book Beyond Fear

Claude Anthropics LLM was given this prompt: Please summarize the themes and arguments of Bruce Schneiers book Beyond Fear. Im particularly interested in a taxonomy of his ethical arguments--please expand on that. Then lay out the most salient criticisms of the book. Claudes reply: Heres a brief...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/15 11:15 a.m.19 views

On Technologies for Automatic Facial Recognition

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvands head, Facebook could prevent users from ever forgetting a colleagues name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/14 4:1 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/14 11:5 a.m.14 views

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/13 11:13 a.m.75 views

Zero-Click Exploit in iPhones

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain dubbed BLASTPASS to deploy NSO Groups Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as...

4.4CVSS6.6AI score0.15263EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2023/09/12 11:20 a.m.11 views

Cars Have Terrible Data Privacy

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our Privacy Not Included warning label--making cars the official worst category of products for privacy that we have ever reviewed. Theres a lot of details in the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/11 11:4 a.m.57 views

On Robots Killing People

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned--human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/08 9:3 p.m.18 views

Friday Squid Blogging: Glass Squid Video

Heres a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/08 11:5 a.m.28 views

LLMs and Tool Use

Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of APIs--tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room--into a compendium that would be made...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/07 11:9 a.m.21 views

The Hacker Tool to Get Personal Data from Credit Bureaus

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the targets credit header. This is...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/06 11:5 a.m.16 views

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet--and the recovery key--and therefore $38.9 million. It is now in bankruptcy. I cant understand why anyone thinks these technologies are a good idea...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/05 11:3 a.m.18 views

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Interesting research: Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System CVSS is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/01 9:29 p.m.19 views

Friday Squid Blogging: We’re Genetically Engineering Squid Now

Is this a good idea? The transparent squid is a genetically altered version of the hummingbird bobtail squid, a species usually found in the tropical waters from Indonesia to China and Japan. Its typically smaller than a thumb and shaped like a dumpling. And like other cephalopods, it has a...

6.8AI score
Exploits0
Total number of security vulnerabilities2979