Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2023/07/06 11:3 a.m.18 views

Belgian Tax Hack

Heres a fascinating tax hack from Belgium listen to the details here, episode 484 of "No Such Thing as a Fish," at 28:00. Basically, its about a music festival on the border between Belgium and Holland. The stage was in Holland, but the crowd was in Belgium. When the copyright collector came...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/05 11:14 a.m.10 views

Class-Action Lawsuit for Scraping Data without Permission

I have mixed feelings about this class-action lawsuit against OpenAI and Microsoft, claiming that it "scraped 300 billion words from the internet" without either registering as a data broker or obtaining consent. On the one hand, I want this to be a protected fair use of public data. On the other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/04 11:12 a.m.15 views

The Password Game

Amusing parody of password rules. BoingBoing: For example, at a certain level, your password must include todays Wordle answer. And then theres rule 27: "At least 50% of your password must be in the Wingdings font." EDITED TO ADD 7/13: Here are all the rules...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/03 11:4 a.m.11 views

Self-Driving Cars Are Surveillance Cameras on Wheels

Police are already using self-driving car footage as video evidence: While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement ­ and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/30 8:58 p.m.10 views

Friday Squid Blogging: See-Through Squid

Doryteuthis opalescens is known as the market squid, and was critical in the recent squid RNA research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/30 11:2 a.m.8 views

The US Is Spying on the UN Secretary General

The Washington Post is reporting that the US is spying on the UN Secretary General. The reports on Guterres appear to contain the secretary generals personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/29 2:37 p.m.28 views

Redacting Documents with a Black Sharpie Doesn’t Work

We have learned this lesson again: As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks li...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/28 11:17 a.m.12 views

Stalkerware Vendor Hacked

The stalkerware company LetMeSpy has been hacked: TechCrunch reviewed the leaked data, which included years of victims call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared litt...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/27 8:36 p.m.12 views

Typing Incriminating Evidence in the Memo Field

Dont do it: Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though: Over a three-ye...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/26 3:36 p.m.16 views

Excel Data Forensics

In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link. And, yes, an author of a paper on dishonesty is being accused of dishonesty. Theres more...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/23 9:6 p.m.13 views

Friday Squid Blogging: Giggling Squid

Giggling Squid is a Thai chain in the UK. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/23 2:55 p.m.12 views

UPS Data Harvested for SMS Phishing Attacks

I get UPS phishing spam on my phone all the time. I never click on it, because its so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/22 3:43 p.m.16 views

AI as Sensemaking for Public Comments

Its become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/21 5:54 p.m.17 views

Ethical Problems in Computer Security

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: "Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation": Abstract: The computer security research community regularly tackles ethical...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/19 10:52 a.m.8 views

Power LED Side-Channel Attack

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­--or of an attached peripheral device--­during cryptographic operations. This technique allowed the researchers to pull a...

10AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/16 9:13 p.m.11 views

Friday Squid Blogging: Squid Can Edit Their RNA

This is just crazy: Scientists dont yet know for sure why octopuses, and other shell-less cephalopods including squid and cuttlefish, are such prolific editors. Researchers are debating whether this form of genetic editing gave cephalopods an evolutionary leg or tentacle up or whether the editing...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/16 7:7 p.m.15 views

Security and Human Behavior (SHB) 2023

Im just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/14 11:2 a.m.13 views

On the Need for an AI Public Option

Artificial intelligence will bring great benefits to all of humanity. But do we really want to entrust this revolutionary technology solely to a small group of US tech companies? Silicon Valley has produced no small number of moral disappointments. Google retired its "dont be evil" pledge before...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/13 11:3 a.m.12 views

Identifying the Idaho Killer

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The case has shown the degree to which law enforcement investigators have come to rely on the digital...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/12 11:18 a.m.10 views

AI-Generated Steganography

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/09 9:5 p.m.11 views

Friday Squid Blogging: Light-Emitting Squid

Its a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid, they are adorned with light organs called photophores. They have some on the underside of their mantle. There are more facing upward, near one of their eyes. But it’s the photophore...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/09 11:12 a.m.32 views

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to th...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/08 11:30 a.m.160 views

Paragon Solutions Spyware: Graphite

Paragon Solutions is yet another Israeli spyware company. Their product is called "Graphite," and is a lot like NSO Groups Pegasus. And Paragon is working with what seems to be US approval: American approval, even if indirect, has been at the heart of Paragons strategy. The company sought a list ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/07 11:6 a.m.15 views

How Attorneys Are Harming Cybersecurity Incident Response

New paper: "Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys": Abstract: Incident Response IR allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/06 11:17 a.m.36 views

Snowden Ten Years Later

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/05 11:14 a.m.10 views

The Software-Defined Car

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 9:13 p.m.8 views

Friday Squid Blogging: Squid Chromolithographs

Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 6/4: Slashdot thread...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 2:21 p.m.32 views

Open-Source LLMs

In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didnt just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/01 11:17 a.m.14 views

On the Catastrophic Risk of AI

Earlier this week, I signed on to a short group statement, coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising t...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/31 2:53 p.m.15 views

Chinese Hacking of US Critical Infrastructure

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/30 11:16 a.m.11 views

Brute-Forcing a Fingerprint Reader

Its neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and whats stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/26 9:5 p.m.14 views

Friday Squid Blogging: Online Cephalopod Course

Atlas Obscura has a five-part online course on cephalopods, taught by squid biologist Dr. Sarah McAnulty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/26 11:12 a.m.14 views

Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/25 11:5 a.m.14 views

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs--ChatGPT in particular: Given that weve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, its entirely possible that bad actors have been poisoning ChatGPT for months. We dont know...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/24 11:23 a.m.13 views

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

Its been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means its up to the states to enforce the laws...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/23 11:15 a.m.14 views

Credible Handwriting Machine

In case you dont have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one of the biggest problems with other homework machines, such as this one that I covered a few months ago after it blew up on social...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/22 11:15 a.m.16 views

Google Is Not Deleting Old YouTube Videos

Google has backtracked on its plan to delete inactive YouTube videos--at least for now. Of course, it could change its mind anytime it wants. It would be nice if this would get people to think about the vulnerabilities inherent in letting a for-profit monopoly decide what of human creativity is...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/19 9:6 p.m.15 views

Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away

A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing its activities to be tracked in real time 24 hours a day. The equipment, which tracks a vessels geographic position and fishing...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/19 11:11 a.m.25 views

Security Risks of New .zip and .mov Domains

Researchers are worried about Googles .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/17 11:1 a.m.64 views

Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has...

4CVSS6.9AI score0.10561EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/15 11:18 a.m.13 views

Micro-Star International Signing Key Stolen

Micro-Star International--aka MSI--had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computers most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesnt have an automated...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/14 4:5 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/12 9:4 p.m.10 views

Friday Squid Blogging: Giant Squid Video

A video--authentic, not a deep fake--of a giant squid close to the surface. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/12 2:0 p.m.16 views

Ted Chiang on the Risks of AI

Ted Chiang has an excellent essay in the New Yorker: "Will A.I. Become the New McKinsey?" The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meaning...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/11 11:17 a.m.15 views

Building Trustworthy AI

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine youre using an AI chatbot to plan a vacation. Did it suggest a particular resort because i...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/10 3:25 p.m.15 views

FBI Disables Russian Malware

Reuters is reporting that the FBI "had identified and disabled malware wielded by Russias FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russias leading cyber spying programs." The headline says that the FBI "sabotaged...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/09 3:20 p.m.22 views

PIPEDREAM Malware against Industrial Control Systems

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/08 3:29 p.m.12 views

AI Hacking Village at DEF CON This Year

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants wi...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/05 9:12 p.m.12 views

Friday Squid Blogging: “Mediterranean Beef Squid” Hoax

The viral video of the "Mediterranean beef squid"is a hoax. Its not even a deep fake; its a plastic toy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/04 10:45 a.m.15 views

Large Language Models and Elections

Earlier this week, the Republican National Committee released a video that it claims was "built entirely with AI imagery." The content of the ad isnt especially novel--a dystopian vision of America under a second term with President Joe Biden--but the deliberate emphasis on the technology used to...

6.5AI score
Exploits0
Total number of security vulnerabilities2979